James Delahunty
9 Sep 2011 21:37
Google urges Gmail users to take precautions after attempted man-in-the-middle attacks.
Last week, the compromise of a Dutch certificate authority, DigiNotar, put the private online communications of some Internet users (mostly in Iran) at risk. It was found that a fraudulent SSL certificate was issued by DigiNotar for Google (which its not supposed to issue certificates for) allowed the attackers to get between Gmail users and the encrypted Google services.
The Google Chrome browser immediately detected the fraudulent certificates, protecting the user. Both Microsoft and Mozilla responded promptly to the threat too.
Not the Gmail team is urging Iranian users to take steps to protect their communications. It is contacting users directly that it deems to have been affected by the attack, even though Google's internal systems were not compromised in any way.
On its official blog, the Gmail team urged all Iranian users to:
More information on securing a Google account can be found here.